Privacy Policy
Effective 4 July 2026
BeeShelf is a cloud library system operated by iBX Design Consultancy (“BeeShelf”, “we”, “us”), based in Dubai Silicon Oasis, United Arab Emirates. This policy explains what personal data BeeShelf handles, why, and the controls you and your library have over it. Privacy is a core design principle of the product, not a footnote — this policy describes how that works in practice.
1. Who is responsible for your data (controller vs. processor)
BeeShelf serves institutions — schools, colleges, and libraries — and this shapes who is responsible for what:
- Library data — the institution is the controller; BeeShelf is the processor. When a library uses BeeShelf, the library decides what member and circulation data to collect and why. BeeShelf only processes that data on the library’s instructions, to provide the service. This includes borrower records, loans, holds, requests, and reading history. For schools, this is the “school official” / processor model (see our Trust & Compliance page).
- Account & billing data — BeeShelf is the controller. For the account of the person who sets up a library, our billing records, and the operation and security of the platform itself, BeeShelf determines the purposes and is the controller.
If you are a borrower and want to exercise a right over your library records, contact your library first — they control that data. We will support them (and you) in fulfilling the request.
2. What we collect
Library staff & administrators
- Name, email address, and role.
- A securely hashed password (we never store passwords in readable form).
Members (borrowers)
- Name and (optionally) email address.
- A library card / barcode and member category, if the library uses them.
- A securely hashed password, if the member creates an online account.
- Borrowing activity: loans, holds, renewals, fines, and title requests — the records a library needs to run.
- Reading-taste signals used to power recommendations and discovery. This is optional and can be switched off — by the member for themselves, and by the institution for everyone (see §6).
Technical & security data
- Limited request metadata (such as IP address) used to rate-limit sign-ins and protect against abuse.
- Operational logs needed to run and secure the service.
Billing data
- Plan, subscription status, and billing contact. Card details are handled entirely by Stripe and never touch BeeShelf’s servers. Payments are processed by Stripe under iBX.
We do not sell personal data, and we do not run behavioural advertising.
3. Why we use it (and our legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the library service on the institution’s instructions | Performance of a contract / processing for the controller |
| Securing accounts, rate-limiting, preventing abuse | Legitimate interests |
| Personalized recommendations & discovery | Consent (opt-in / opt-out, per member and per institution) |
| Billing and account administration | Performance of a contract |
| Meeting legal and regulatory obligations | Legal obligation |
4. Where your data lives & who processes it
BeeShelf hosts data in the European Union (Frankfurt, Germany), on managed infrastructure. We use a small, vetted set of sub-processors to run the service (hosting, database, email, payments, and optional AI features). The full list, what each does, and where it processes data is published and kept current on our Sub-processors page. Where data is transferred outside the EU/EEA (for example, an email or AI provider), we rely on appropriate safeguards such as Standard Contractual Clauses.
5. How long we keep it
- The institution controls retention. A library can choose not to retain reading history (keeping only active loans), and can purge returned-loan history older than a chosen cut-off.
- Records are soft-deleted first (recoverable for a short window) before removal, to prevent accidental loss.
- Account and billing records are kept for as long as the account is active and as required by law afterwards.
- When a library closes its account, its data is deleted or returned on request within a reasonable period, as set out in our Data Processing Addendum.
6. Your controls & rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data. BeeShelf is built to support these:
- Access & portability. A library can export its full data set (members, holdings, loans, holds, requests) at any time, in a portable format — a one-click, no-lock-in export.
- Correction & deletion. Staff can edit and remove member records; deletions are honoured through the system.
- Opt out of personalization. Any member can turn off taste-based recommendations for themselves; an institution can run in popularity-only mode with no behavioural tracking at all.
- Retention control. Institutions decide whether reading history is kept and for how long.
To exercise a right: members should contact their library (the controller); libraries and account holders can contact us at hello@beeshelf.com. You also have the right to complain to your data protection authority.
7. Children & students
BeeShelf is provided to institutions, not marketed to children directly. Where minors use BeeShelf, they do so through their school or library, which acts as the controller and provides any required consent under laws such as COPPA and FERPA. We do not knowingly collect personal data from children outside this institutional relationship, we do not use student data for advertising, and personalization can be disabled entirely for an institution. See Trust & Compliance for detail.
8. Security
- Encryption in transit (TLS) and at rest on managed infrastructure.
- Strict tenant isolation: every library’s data is separated at the database level (row-level security), so one library can never read another’s.
- Passwords are stored only as salted hashes; sign-in endpoints are rate-limited against brute force.
- Email verification gates borrowing; role-based access controls limit what staff can do.
No system is perfectly secure, but security is designed in from the schema up. Our incident-notification commitments are set out in our Data Processing Addendum.
9. Cookies & local storage
BeeShelf uses local browser storage to keep you signed in and remember essential preferences. It does not use third-party advertising or cross-site tracking cookies.
10. Changes to this policy
We’ll update this policy as the product and our obligations evolve, and revise the date above. Material changes affecting institutions will be communicated through the service.
11. Contact
The data controller for account and billing data is iBX Design Consultancy, Dubai Silicon Oasis, United Arab Emirates. Questions about privacy? Email hello@beeshelf.com.